WPA2 KRACK security vulnerability

You may have been made aware of a recent wireless exploit that breaks the security of Wi-Fi connections. We have put together guidance below which we hope is useful:

SummaryThis Monday a number of vulnerabilities was found the WPA2 protocol will impact all organisation using secured wireless. The WPA2 protocol is used to setup the secure communication between wireless devices and the access points they connect to. This vulnerability will impact you if you are using WPA2-PSK (password) or WPA2-Enterprise (username/password).

ImpactAs the vulnerability impacts the protocol used with WPA2 this will affect all wireless vendors unless a software update has been deployed. The research was embargoed so we have seen a number of vendors pre-issue patches before the announcement of this issue. Please refer to your manufacturers website for more information.

MitigationThere is currently no mitigation for this vulnerability. Software updates will become available over the coming days, for those with automatically updating systems (typically cloud based) this should happen automatically. Others will need to manually update your wireless LAN controllers, this may require a support contract to be in place.

RiskThe attack will enable an attacker to gain full access to your secured wireless network as well as inject malicious packets and snoop on any encrypted traffic. Physical proximity will be needed to the wireless network however due to wireless network propagation this may not require the attacker to be within your premises.

LikelihoodThe skill level required to execute this attack is currently not know as the full research will not be released until November 1st. We would advise customers to update their systems, using manufacturer tools, before this date as it is likely this exploit will be incorporated into wireless attacking toolkits which will reduce the skill level required to utilise.